<!DOCTYPE html> <html lang=zh-CN><!--
 Page saved with SingleFile 
 url: https://yuerblog.cc/2019/02/25/flannel-and-calico/ 
 saved date: Sat Jan 18 2020 20:09:14 GMT+0800 (China Standard Time)
--><meta charset=utf-8>
<meta name=viewport content="width=device-width">
<title>白话flannel和calico网络原理 | 鱼儿的博客</title>
<link rel=profile href=http://gmpg.org/xfn/11>
<link rel=pingback href=https://yuerblog.cc/xmlrpc.php>
<!--[if lt IE 9]>
<script src="https://yuerblog.cc/wp-content/themes/twentytwelve/js/html5.js" type="text/javascript"></script>
<![endif]-->
<meta name=description content="今天看了一些K8S容器虚拟化网络的博客，对网络插件的原理有了一些新的认识，在这里记录下来。 容器虚拟化网络方案，">
<meta property=og:locale content=zh_CN>
<meta property=og:type content=website>
<meta property=og:title content="白话flannel和calico网络原理 | 鱼儿的博客">
<meta property=og:description content="今天看了一些K8S容器虚拟化网络的博客，对网络插件的原理有了一些新的认识，在这里记录下来。 容器虚拟化网络方案，总体分为2种截然不同的发展路线： 基于隧道 基于路由 下面分别说一下这两种思路的原理，以及和flannel、calico的关系。 隧道方案最具普适性，在任何网络环境下都可以正常工作，这与它的原理密不可分。 最常见的隧道方案是flannel vxlan模式，以及calico的ipip模式，">
<meta property=og:url content=https://yuerblog.cc/2019/02/25/flannel-and-calico/>
<meta property=og:site_name content=鱼儿的博客>
<meta name=twitter:card content=summary_large_image>
<meta name=twitter:title content="白话flannel和calico网络原理 | 鱼儿的博客">
<meta name=twitter:description content="今天看了一些K8S容器虚拟化网络的博客，对网络插件的原理有了一些新的认识，在这里记录下来。 容器虚拟化网络方案，总体分为2种截然不同的发展路线： 基于隧道 基于路由 下面分别说一下这两种思路的原理，以及和flannel、calico的关系。 隧道方案最具普适性，在任何网络环境下都可以正常工作，这与它的原理密不可分。 最常见的隧道方案是flannel vxlan模式，以及calico的ipip模式，">
<link rel=canonical href=https://yuerblog.cc/2019/02/25/flannel-and-calico/>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"https://yuerblog.cc/","name":"鱼儿的博客"}},{"@type":"ListItem","position":2,"item":{"@id":"https://yuerblog.cc/category/k8s/","name":"k8s"}},{"@type":"ListItem","position":3,"item":{"@id":"https://yuerblog.cc/2019/02/25/flannel-and-calico/","name":"白话flannel和calico网络原理"}}]}</script>
<link rel=alternate type=application/rss+xml title="鱼儿的博客 » Feed" href=https://yuerblog.cc/feed/>
<link rel=alternate type=application/rss+xml title="鱼儿的博客 » 评论Feed" href=https://yuerblog.cc/comments/feed/>
<link rel=alternate type=application/rss+xml title="鱼儿的博客 » 白话flannel和calico网络原理评论Feed" href=https://yuerblog.cc/2019/02/25/flannel-and-calico/feed/>
<style>@supports (-webkit-overflow-scrolling:touch){.wp-block-cover-image.has-parallax,.wp-block-cover.has-parallax{background-attachment:scroll}}@supports ((position:-webkit-sticky) or (position:sticky)){.wp-block-cover-image:after,.wp-block-cover:after{content:none}}@supports ((position:-webkit-sticky) or (position:sticky)){.blocks-gallery-grid .blocks-gallery-image figure,.blocks-gallery-grid .blocks-gallery-item figure,.wp-block-gallery .blocks-gallery-image figure,.wp-block-gallery .blocks-gallery-item figure{display:flex;align-items:flex-end;justify-content:flex-start}}@supports ((position:-webkit-sticky) or (position:sticky)){.blocks-gallery-grid .blocks-gallery-image img,.blocks-gallery-grid .blocks-gallery-item img,.wp-block-gallery .blocks-gallery-image img,.wp-block-gallery .blocks-gallery-item img{width:auto}}@supports ((position:-webkit-sticky) or (position:sticky)){.blocks-gallery-grid.is-cropped .blocks-gallery-image a,.blocks-gallery-grid.is-cropped .blocks-gallery-image img,.blocks-gallery-grid.is-cropped .blocks-gallery-item a,.blocks-gallery-grid.is-cropped .blocks-gallery-item img,.wp-block-gallery.is-cropped .blocks-gallery-image a,.wp-block-gallery.is-cropped .blocks-gallery-image img,.wp-block-gallery.is-cropped .blocks-gallery-item a,.wp-block-gallery.is-cropped .blocks-gallery-item img{height:100%;flex:1;-o-object-fit:cover;object-fit:cover}}@media (min-width:600px){@supports (-ms-ime-align:auto){.blocks-gallery-grid.columns-3 .blocks-gallery-image,.blocks-gallery-grid.columns-3 .blocks-gallery-item,.wp-block-gallery.columns-3 .blocks-gallery-image,.wp-block-gallery.columns-3 .blocks-gallery-item{width:calc((100% - 32px)/3 - 1px)}}@supports (-ms-ime-align:auto){.blocks-gallery-grid.columns-4 .blocks-gallery-image,.blocks-gallery-grid.columns-4 .blocks-gallery-item,.wp-block-gallery.columns-4 .blocks-gallery-image,.wp-block-gallery.columns-4 .blocks-gallery-item{width:calc((100% - 48px)/4 - 1px)}}@supports (-ms-ime-align:auto){.blocks-gallery-grid.columns-5 .blocks-gallery-image,.blocks-gallery-grid.columns-5 .blocks-gallery-item,.wp-block-gallery.columns-5 .blocks-gallery-image,.wp-block-gallery.columns-5 .blocks-gallery-item{width:calc((100% - 64px)/5 - 1px)}}@supports (-ms-ime-align:auto){.blocks-gallery-grid.columns-6 .blocks-gallery-image,.blocks-gallery-grid.columns-6 .blocks-gallery-item,.wp-block-gallery.columns-6 .blocks-gallery-image,.wp-block-gallery.columns-6 .blocks-gallery-item{width:calc((100% - 80px)/6 - 1px)}}@supports (-ms-ime-align:auto){.blocks-gallery-grid.columns-7 .blocks-gallery-image,.blocks-gallery-grid.columns-7 .blocks-gallery-item,.wp-block-gallery.columns-7 .blocks-gallery-image,.wp-block-gallery.columns-7 .blocks-gallery-item{width:calc((100% - 96px)/7 - 1px)}}@supports (-ms-ime-align:auto){.blocks-gallery-grid.columns-8 .blocks-gallery-image,.blocks-gallery-grid.columns-8 .blocks-gallery-item,.wp-block-gallery.columns-8 .blocks-gallery-image,.wp-block-gallery.columns-8 .blocks-gallery-item{width:calc((100% - 112px)/8 - 1px)}}}@supports ((-webkit-mask-image:none) or (mask-image:none)) or (-webkit-mask-image:none){.is-style-circle-mask img{-webkit-mask-image:url('data:image/svg+xml;utf8,<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg"><circle cx="50" cy="50" r="50"/></svg>');mask-image:url('data:image/svg+xml;utf8,<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg"><circle cx="50" cy="50" r="50"/></svg>');mask-mode:alpha;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;-webkit-mask-position:center;mask-position:center;border-radius:none}}@supports ((position:-webkit-sticky) or (position:sticky)){.wp-block-video [poster]{-o-object-fit:cover;object-fit:cover}}html,body,div,span,h1,h2,h3,p,a,cite,img,small,strong,b,ol,ul,li,form,label,article,aside,footer,header,hgroup,nav,section,time{margin:0;padding:0;border:0;font-size:100%;vertical-align:baseline}body{line-height:1}ol,ul{list-style:none}h1,h2,h3{clear:both}html{overflow-y:scroll;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted}article,aside,footer,header,hgroup,nav,section{display:block}small{font-size:smaller}img{border:0;-ms-interpolation-mode:bicubic}.clear:after,.wrapper:after,.format-status .entry-header:after{clear:both}.clear:before,.clear:after,.wrapper:before,.wrapper:after,.format-status .entry-header:before,.format-status .entry-header:after{display:table;content:""}.widget-title{font-size:.785714286rem;line-height:2.181818182;font-weight:bold;text-transform:uppercase;color:#636363}input,textarea{border:1px solid #ccc;border-radius:3px;font-family:inherit;padding:.428571429rem}input{line-height:normal}textarea{overflow:auto;vertical-align:top}input[type="submit"]{padding:.428571429rem .714285714rem;font-size:.785714286rem;line-height:1.428571429;font-weight:normal;color:#7c7c7c;background-color:#e6e6e6;background-repeat:repeat-x;background-image:-moz-linear-gradient(top,#f4f4f4,#e6e6e6);background-image:-ms-linear-gradient(top,#f4f4f4,#e6e6e6);background-image:-webkit-linear-gradient(top,#f4f4f4,#e6e6e6);background-image:-o-linear-gradient(top,#f4f4f4,#e6e6e6);background-image:linear-gradient(to bottom,#f4f4f4,#e6e6e6);border:1px solid #d2d2d2;border-radius:3px;box-shadow:0 1px 2px rgba(64,64,64,0.1)}input[type="submit"]{cursor:pointer}.menu-toggle:hover,.menu-toggle:focus,button:hover,input[type="submit"]:hover,input[type="button"]:hover,input[type="reset"]:hover,article.post-password-required input[type=submit]:hover{color:#5e5e5e;background-color:#ebebeb;background-repeat:repeat-x;background-image:-moz-linear-gradient(top,#f9f9f9,#ebebeb);background-image:-ms-linear-gradient(top,#f9f9f9,#ebebeb);background-image:-webkit-linear-gradient(top,#f9f9f9,#ebebeb);background-image:-o-linear-gradient(top,#f9f9f9,#ebebeb);background-image:linear-gradient(to bottom,#f9f9f9,#ebebeb)}.menu-toggle:active,.menu-toggle.toggled-on,button:active,input[type="submit"]:active,input[type="button"]:active,input[type="reset"]:active{color:#757575;background-color:#e1e1e1;background-repeat:repeat-x;background-image:-moz-linear-gradient(top,#ebebeb,#e1e1e1);background-image:-ms-linear-gradient(top,#ebebeb,#e1e1e1);background-image:-webkit-linear-gradient(top,#ebebeb,#e1e1e1);background-image:-o-linear-gradient(top,#ebebeb,#e1e1e1);background-image:linear-gradient(to bottom,#ebebeb,#e1e1e1);box-shadow:inset 0 0 8px 2px #c6c6c6,0 1px 0 0 #f4f4f4;border-color:transparent}.entry-content img,.widget img{max-width:100%}img[class*="wp-image-"]{height:auto}img.size-full{max-width:100%;height:auto}.aligncenter{display:block;margin-left:auto;margin-right:auto}.entry-content img,.widget img{border-radius:3px;box-shadow:0 1px 4px rgba(0,0,0,0.2)}.site-content nav{clear:both;line-height:2;overflow:hidden}.nav-previous{float:left;width:50%}.nav-next{float:right;text-align:right;width:50%}.nav-single+.comments-area{margin:3.428571429rem 0}html{font-size:87.5%}body{font-size:1rem;font-family:Helvetica,Arial,sans-serif;text-rendering:optimizeLegibility;color:#444}a{outline:0;color:#21759b}a:hover{color:#0f3647}.assistive-text,.site .screen-reader-text{position:absolute!important;clip:rect(1px,1px,1px,1px);overflow:hidden;height:1px;width:1px}.main-navigation .assistive-text:focus,.site .screen-reader-text:hover,.site .screen-reader-text:active,.site .screen-reader-text:focus{background:#fff;border:2px solid #333;border-radius:3px;clip:auto!important;color:#000;display:block;font-size:12px;height:auto;padding:12px;position:absolute;top:5px;left:5px;width:auto;z-index:100000}.site{padding:0 1.714285714rem;background-color:#fff}.site-content{margin:1.714285714rem 0 0}.widget-area{margin:1.714285714rem 0 0}.site-header{padding:1.714285714rem 0}.site-header h1,.site-header h2{text-align:center}.site-header h1 a{color:#515151;display:inline-block;text-decoration:none}.site-header h1 a:hover,.site-header h2 a:hover{color:#21759b}.site-header h1{font-size:1.714285714rem;line-height:1.285714286;margin-bottom:1rem}.site-header h2{font-weight:normal;font-size:.928571429rem;line-height:1.846153846;color:#757575}.main-navigation{margin-top:1.714285714rem;text-align:center}.main-navigation li{margin-top:1.714285714rem;font-size:.857142857rem;line-height:1.42857143}.main-navigation a{color:#5e5e5e}.main-navigation a:hover,.main-navigation a:focus{color:#21759b}.main-navigation ul.nav-menu{display:none}.widget-area .widget{-webkit-hyphens:auto;-moz-hyphens:auto;hyphens:auto;margin-bottom:3.428571429rem;word-wrap:break-word}.widget-area .widget h3{margin-bottom:1.714285714rem}.widget-area .widget p,.widget-area .widget li,.widget-area .widget .textwidget{font-size:.928571429rem;line-height:1.846153846}.widget-area .widget p{margin-bottom:1.714285714rem}.widget-area .widget a{color:#757575}.widget-area .widget a:hover{color:#21759b}.widget-area .widget a:visited{color:#9f9f9f}.widget-area #s{width:53.66666666666%}footer[role="contentinfo"]{border-top:1px solid #ededed;clear:both;font-size:.857142857rem;line-height:2;max-width:68.571428571rem;margin-top:1.714285714rem;margin-left:auto;margin-right:auto;padding:1.714285714rem 0}footer[role="contentinfo"] a{color:#686868}footer[role="contentinfo"] a:hover{color:#21759b}.entry-meta{clear:both}.entry-header{margin-bottom:1.714285714rem}.entry-header .entry-title{font-size:1.428571429rem;line-height:1.2;font-weight:normal}.entry-header .comments-link{margin-top:1.714285714rem;font-size:.928571429rem;line-height:1.846153846;color:#757575}.comments-link a,.entry-meta a{color:#757575}.comments-link a:hover,.entry-meta a:hover{color:#21759b}.entry-content{line-height:1.714285714}.entry-content h1,.entry-content h2{margin:1.714285714rem 0}.entry-content h1{font-size:1.5rem;line-height:1.5}.entry-content h2{font-size:1.285714286rem;line-height:1.6}.entry-content p,.comment-content p{margin:0 0 1.714285714rem;line-height:1.714285714}.entry-content a:visited,.comment-content a:visited{color:#9f9f9f}.entry-content ul{margin:0 0 1.714285714rem;line-height:1.714285714}.entry-content ul{list-style:disc outside}.entry-content li{margin:0 0 0 2.571428571rem}img.aligncenter{clear:both;margin-top:.857142857rem;margin-bottom:.857142857rem}.site-content article{border-bottom:4px double #ededed;margin-bottom:5.142857143rem;padding-bottom:1.714285714rem;word-wrap:break-word;-webkit-hyphens:auto;-moz-hyphens:auto;hyphens:auto}footer.entry-meta{margin-top:1.714285714rem;font-size:.928571429rem;line-height:1.846153846;color:#757575}.comments-title{margin-bottom:3.428571429rem;font-size:1.142857143rem;line-height:1.5;font-weight:normal}.comments-area article{margin:1.714285714rem 0}.comments-area article header{margin:0 0 3.428571429rem;overflow:hidden;position:relative}.comments-area article header img{float:left;padding:0;line-height:0}.comments-area article header cite,.comments-area article header time{display:block;margin-left:6.071428571rem}.comments-area article header cite{font-style:normal;font-size:1.071428571rem;line-height:1.42857143}.comments-area cite b{font-weight:normal}.comments-area article header time{line-height:1.714285714;text-decoration:none;font-size:.857142857rem;color:#5e5e5e}.comments-area article header a{text-decoration:none;color:#5e5e5e}.comments-area article header a:hover{color:#21759b}a.comment-reply-link{color:#686868;font-size:.928571429rem;line-height:1.846153846}a.comment-reply-link:hover,a.comment-edit-link:hover{color:#21759b}#respond{margin-top:3.428571429rem}#respond h3#reply-title{font-size:1.142857143rem;line-height:1.5}#respond h3#reply-title #cancel-comment-reply-link{margin-left:.714285714rem;font-weight:normal;font-size:.857142857rem}#respond form{margin:1.714285714rem 0}#respond form p{margin:.785714286rem 0}#respond form label{display:block;line-height:1.714285714}#respond form input[type="text"],#respond form textarea{-moz-box-sizing:border-box;box-sizing:border-box;font-size:.857142857rem;line-height:1.714285714;padding:.714285714rem;width:100%}.widget_search label{display:block;font-size:.928571429rem;line-height:1.846153846}@-ms-viewport{width:device-width}@viewport{width:device-width}@media screen and (min-width:600px){.site{margin:0 auto;max-width:68.571428571rem;overflow:hidden}.site-content{float:left;width:65.104166667%}.widget-area{float:right;width:26.041666667%}.site-header h1,.site-header h2{text-align:left}.site-header h1{font-size:1.857142857rem;line-height:1.846153846;margin-bottom:0}.main-navigation ul.nav-menu{border-bottom:1px solid #ededed;border-top:1px solid #ededed;display:inline-block!important;text-align:left;width:100%}.main-navigation ul{margin:0;text-indent:0}.main-navigation li a,.main-navigation li{display:inline-block;text-decoration:none}.main-navigation li a{border-bottom:0;color:#6a6a6a;line-height:3.692307692;text-transform:uppercase;white-space:nowrap}.main-navigation li a:hover,.main-navigation li a:focus{color:#000}.main-navigation li{margin:0 2.857142857rem 0 0;position:relative}.entry-header .entry-title{font-size:1.571428571rem}#respond form input[type="text"]{width:46.333333333%}}@media screen and (min-width:960px){body{background-color:#e6e6e6}body .site{padding:0 2.857142857rem;margin-top:3.428571429rem;margin-bottom:3.428571429rem;box-shadow:0 2px 6px rgba(100,100,100,0.3)}}</style>
<!--[if lt IE 9]>
<link rel='stylesheet' id='twentytwelve-ie-css'  href='https://yuerblog.cc/wp-content/themes/twentytwelve/css/ie.css?ver=20121010' type='text/css' media='all' />
<![endif]-->
<link rel=https://api.w.org/ href=https://yuerblog.cc/wp-json/>
<link rel=EditURI type=application/rsd+xml title=RSD href=https://yuerblog.cc/xmlrpc.php?rsd>
<link rel=wlwmanifest type=application/wlwmanifest+xml href=https://yuerblog.cc/wp-includes/wlwmanifest.xml>
<link rel=alternate type=application/json+oembed href="https://yuerblog.cc/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyuerblog.cc%2F2019%2F02%2F25%2Fflannel-and-calico%2F">
<link rel=alternate type=text/xml+oembed href="https://yuerblog.cc/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyuerblog.cc%2F2019%2F02%2F25%2Fflannel-and-calico%2F&amp;format=xml">
<style id=custom-background-css>body.custom-background{background-image:url();background-position:center center;background-size:auto;background-repeat:repeat;background-attachment:fixed}</style>
<link type=image/x-icon rel="shortcut icon" href=data:><style>.sf-hidden{display:none!important}</style></head>
<body class="post-template-default single single-post postid-4535 single-format-standard custom-background wp-embed-responsive single-author">
<div id=page class="hfeed site">
 <header id=masthead class=site-header role=banner>
 <hgroup>
 <h1 class=site-title><a href=https://yuerblog.cc/ title=鱼儿的博客 rel=home>鱼儿的博客</a></h1>
 <h2 class=site-description>但行好事，莫问前程</h2>
 </hgroup>
 <nav id=site-navigation class=main-navigation role=navigation>
 <button class="menu-toggle sf-hidden">菜单</button>
 <a class=assistive-text href=#content title=跳至正文>跳至正文</a>
 <div class=menu-%e9%a1%b6%e9%83%a8%e8%8f%9c%e5%8d%95-container><ul id=menu-%e9%a1%b6%e9%83%a8%e8%8f%9c%e5%8d%95 class=nav-menu><li id=menu-item-3204 class="menu-item menu-item-type-custom menu-item-object-custom menu-item-home menu-item-3204"><a href=http://yuerblog.cc/>首页</a></li>
<li id=menu-item-279 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-279"><a href=https://yuerblog.cc/2016/09/01/recommended-articles/>好文推荐</a></li>
<li id=menu-item-5634 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-5634"><a href=https://yuerblog.cc/2020/01/10/b%e7%ab%99%e7%9b%b4%e6%92%ad%e5%9b%9e%e6%94%be-%e7%bd%ae%e9%a1%b6/><font color=#fb7299>B站视频</font></a></li>
<li id=menu-item-1189 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-1189"><a href=https://yuerblog.cc/2017/02/15/booklist/>读书清单</a></li>
<li id=menu-item-1787 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-1787"><a href=https://yuerblog.cc/2017/06/18/care-about-health/>关注健康</a></li>
<li id=menu-item-3266 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-3266"><a href=https://yuerblog.cc/2018/06/02/about-my-blog/>关于博客</a></li>
</ul></div> </nav>
 </header>
 <div id=main class=wrapper>
 <div id=primary class=site-content>
 <div id=content role=main>
 
 
 <article id=post-4535 class="post-4535 post type-post status-publish format-standard hentry category-k8s">
 <header class=entry-header>
 
 <h1 class=entry-title>白话flannel和calico网络原理</h1>
 <div class=comments-link>
 <a href=#comments>1条回复</a> </div>
 </header>
 <div class=entry-content>
 <div class=yuerb-before-content_2 id=yuerb-1507053247>
<ins class="adsbygoogle sf-hidden" style=display:block;text-align:center data-ad-layout=in-article data-ad-format=fluid data-ad-client=ca-pub-5878478910106641 data-ad-slot=5599238126></ins>
</div><p>今天看了一些K8S容器虚拟化网络的博客，对网络插件的原理有了一些新的认识，在这里记录下来。<span id=more-4535></span></p>
<h1>概括</h1>
<p>容器虚拟化网络方案，总体分为2种截然不同的发展路线：</p>
<ul>
<li>基于隧道</li>
<li>基于路由</li>
</ul>
<p>下面分别说一下这两种思路的原理，以及和flannel、calico的关系。</p>
<h1>基于隧道</h1>
<p><strong>隧道方案最具普适性</strong>，在任何网络环境下都可以正常工作，这与它的原理密不可分。</p>
<p>最常见的隧道方案是flannel vxlan模式，以及calico的ipip模式，其核心原理包含了2个部分。</p>
<h2>分配网段</h2>
<p>每台宿主机上都有网络插件的agent进程，它们连接到etcd集中式存储，从虚拟IP池中申请一个IP段占位己有。</p>
<p>宿主机上每个容器则从IP段中分配得到1个虚拟IP。</p>
<h2>封装/解封</h2>
<p>当不同宿主机上的容器互相访问时，数据包的源IP和目标IP都是容器IP。</p>
<p>数据包经过宿主机的agent进程进行封装后，新数据包的源IP和目标IP则变成了两端宿主机的物理IP。</p>
<p>数据包送到目标宿主机后，经过agent解封后得到原始数据包，并将数据包送入容器中处理，这就给两端容器营造了一种互通的感觉。</p>
<p>因为物理IP属于3层网络，可以在互联网中经过中间路由设备互相送达，所以隧道方案对宿主机之间的网络环境没有特殊要求，因此隧道方案具备普适性。</p>
<h2>优势/劣势</h2>
<p>优势就是对物理网络环境没有特殊要求，只要宿主机IP层可以路由互通即可。</p>
<p>劣势就是性能差，这需要从2方面看：</p>
<ul>
<li>封包和解包耗费CPU性能</li>
<li>额外的封装导致带宽浪费，大约有30%左右的带宽损耗</li>
</ul>
<p>flannel vxlan和calico ipip模式都是隧道方案，但是calico的封装协议IPIP的header更小，所以性能比flannel vxlan要好一点点。</p>
<h1>基于路由</h1>
<p><strong>路由方案性能最好</strong>，原因是该方案不需要封包和解包，所以没有隧道方案的劣势，网络性能很好。</p>
<p>常见的路由方案包括了flannel的host-gw模式，以及calico的bgp模式。</p>
<p>下面以calico bpg模式为例，分析基于路由的方案原理，其包含了3个部分。</p>
<h2>分配网段</h2>
<p>每台宿主机也有agent，会从etcd中的虚拟IP池分配到一个IP子网段。</p>
<p>宿主机上每个容器则从该IP段中分配得到1个虚拟IP。</p>
<h2>本地路由</h2>
<p>假设我们在宿主机A上新建了一个容器，则该容器分配了一个虚拟IP，我们假设它是值是k。</p>
<p>agent会在本机配置一条路由规则，即：如果数据包的目标地址等于k，那么把数据包送到容器的虚拟网卡上。</p>
<p>另外一台宿主机B上的一个容器，其IP是m，向k容器发数据包，则数据包的目标地址是k，原地址是m。</p>
<p>既然路由方案是不使用隧道封包为物理IP在网络中流通的，那么该数据包又该如何送达到虚拟IP k呢？</p>
<h2>广播路由</h2>
<p>路由方案会采用如下的手段，搞定m到k的虚拟IP互通问题。</p>
<p>即宿主机A会通过某种方式（比如BGP广播协议）把自己的虚拟IP网段广播给宿主机B。</p>
<p>在宿主机B收到广播后，会给本机配置一条路由规则：如果数据包的目标地址属于宿主机A的虚拟IP网段，则把该数据包发给宿主机A的物理IP。</p>
<p>这条路由规则相当于为宿主机A的虚拟IP网段配置了转发网关，而这个网关就是宿主机A的物理IP。</p>
<p><strong>这就要求，宿主机B和宿主机A在2层网络是互通的，也就是它们在一个交换机下面，可以基于MAC地址直接互通。基于IP通信是3层网络，基于MAC地址通信则是2层网络。</strong></p>
<p>一旦该数据包被送往宿主机A的物理IP，则宿主机A就可以应用刚才讲过的”<strong>本地路由</strong>“规则了，即：数据包的目标IP是k，直接送给对应容器的虚拟网卡。</p>
<p>我们发现，整个过程中从m发往k的数据包采用的都是虚拟容器IP，没有经过任何封装和解封，而仅仅是通过宿主机B收到的广播路由+宿主机A的本地路由，就<strong>实现了在2层网络互通环境下的高效通讯</strong>。</p>
<h2>优势/劣势</h2>
<p>优势就是没有封包和解包过程，完全基于两端宿主机的路由表进行转发。</p>
<p>劣势包含2方面：</p>
<ul>
<li>要求宿主机处于同一个2层网络下，也就是连在一台交换机上，这样才能基于MAC通讯，而不需要在IP上动封包/解包的手脚。（在云环境中有”大二层”方案，可以解决这一限制问题，<a href=https://forum.huawei.com/enterprise/zh/thread-333013.html>点击了解</a>）</li>
<li>路由表膨胀导致性能降低，因为宿主机上每个容器需要在本机添加一条路由规则，而不同宿主机之间需要广播自己的网段路由规则。</li>
</ul>
<h1>参考资料：</h1>
<ul>
<li><a href=https://juejin.im/entry/599d33ad6fb9a0247804d430>白话kubernetess网络（强烈推荐）</a></li>
<li><a href=https://cmgs.me/life/docker-network-cloud>Docker network on cloud</a></li>
<li><a href=https://cloud.tencent.com/developer/article/1042570>如何解决容器网络性能及复杂网络部署问题？</a></li>
<li><a href=https://juejin.im/entry/57ad1417d342d30057ff49f1>聊聊容器网络那些事儿</a></li>
<li><a href=https://www.troyying.xyz/index.php/IT/5.html>Kubernetes网络实现之Calico</a></li>
</ul>
<div id=dashang-div style=margin-top:20px>
 
 <p>如果文章帮助了你，请帮我点击1次谷歌广告，或者微信赞助1元钱，感谢！</p>
 <img src="" style=display:block;height:230px;width:auto;margin-bottom:20px>
 
 <p>知识星球有更多干货内容，对我认可欢迎加入：</p>
 <img src="" style=display:block;height:230px;width:auto>
</div> </div>
 
 <footer class=entry-meta>
 本条目发布于<a href=https://yuerblog.cc/2019/02/25/flannel-and-calico/ title=下午5:14 rel=bookmark><time class=entry-date datetime=2019-02-25T17:14:42+08:00>2019年2月25日</time></a>。属于<a href=https://yuerblog.cc/category/k8s/ rel="category tag">k8s</a>分类。<span class="by-author sf-hidden">作者是<span class="author vcard"></span>。</span> </footer>
 </article>
 <nav class=nav-single>
 <h3 class=assistive-text>文章导航</h3>
 <span class=nav-previous><a href=https://yuerblog.cc/2019/02/25/win10-upgrade-solution/ rel=prev><span class=meta-nav>←</span> win10升级失败的解决方案</a></span>
 <span class=nav-next><a href=https://yuerblog.cc/2019/02/28/jenkins-update-site/ rel=next>推荐jenkins插件镜像 <span class=meta-nav>→</span></a></span>
 </nav>
 
<div id=comments class=comments-area>
 
 <h2 class=comments-title>
 《<span>白话flannel和calico网络原理</span>》有1个想法 </h2>
 <ol class=commentlist>
 <li class="comment even thread-even depth-1" id=li-comment-568>
 <article id=comment-568 class=comment>
 <header class="comment-meta comment-author vcard">
 <img alt src="" srcset class="avatar avatar-44 photo" height=44 width=44 sizes><cite><b class=fn>开发者头条</b> </cite><a href=#comment-568><time datetime=2019-02-28T10:02:43+08:00>2019年2月28日 上午10:02</time></a> </header>
 
 <section class="comment-content comment">
 <p>感谢分享！已推荐到《开发者头条》：https://toutiao.io/posts/k4pzju 欢迎点赞支持！使用开发者头条 App 搜索 382544 即可订阅《owenliang的独家号》</p>
 </section>
 <div class=reply>
 <a rel=nofollow class=comment-reply-link href="https://yuerblog.cc/2019/02/25/flannel-and-calico/?replytocom=568#respond" data-commentid=568 data-postid=4535 data-belowelement=comment-568 data-respondelement=respond aria-label=回复给开发者头条>回复</a> <span>↓</span> </div>
 </article>
 </li>
 </ol>
 
 
 
 <div id=respond class=comment-respond>
 <h3 id=reply-title class=comment-reply-title>发表评论 <small><a rel=nofollow id=cancel-comment-reply-link href=#respond style=display:none>取消回复</a></small></h3><form action=https://yuerblog.cc/wp-comments-post.php method=post id=commentform class=comment-form><p class=comment-notes><span id=email-notes>电子邮件地址不会被公开。</span><p class=comment-form-comment><label for=comment>评论</label> <textarea id=comment name=comment cols=45 rows=8 maxlength=65525 required></textarea><p class=comment-form-author><label for=author>姓名</label> <input id=author name=author type=text value size=30 maxlength=245></p>
<p class=comment-form-email><label for=email>电子邮件</label> <input id=email name=email type=text value size=30 maxlength=100 aria-describedby=email-notes></p>
<p class=comment-form-url><label for=url>站点</label> <input id=url name=url type=text value size=30 maxlength=200></p>
<p class=form-submit><input name=submit type=submit id=submit class=submit value=发表评论> 
<div class="wantispam-required-fields wantispam-form-processed"><div class="wantispam-group wantispam-group-q" style=clear:both;display:none>
 <label>Current ye@r </label>
 
 <input type=text name=wantispam_q class="wantispam-control wantispam-control-q" value=2020 autocomplete=off>
 </div>
<div class="wantispam-group wantispam-group-e" style=display:none>
 <label>Leave this field empty</label>
 <input type=text name=wantispam_e_email_url_website class="wantispam-control wantispam-control-e" value autocomplete=off>
 </div>
</div></form>	</div>
 
</div>
 
 </div>
 </div>
 <div id=secondary class=widget-area role=complementary>
 <aside id=text-57 class="widget widget_text"><h3 class=widget-title>知识星球</h3> <div class=textwidget><p>很多人抠抠嗖嗖的，1年100块钱花在学习上要犹豫半天，你少买点电子垃圾，少吃点豪华大餐，多学点有用的知识是不会吃亏的，人无远虑必有近忧，送给大家。</p>
<p><img class="alignnone size-medium wp-image-5358" src="" alt width=240 height=300></p>
</div>
 </aside><aside id=text-53 class="widget widget_text"><h3 class=widget-title>感谢vultr赞助服务器</h3> <div class=textwidget><p><a href="https://www.vultr.com/?ref=6914168"><img src="" width=300 height=250 hidden style=display:none!important></a></p>
<p>本博客运行在vultr，点击图片链接购买vps可以支持我的创作，同时获得vultr赠送充值。</p>
</div>
 </aside><aside id=text-47 class="widget widget_text"><h3 class=widget-title>我的网课</h3> <div class=textwidget><p><img class="aligncenter wp-image-5196 size-full" src="" alt width=240 height=180></p>
<p>免费课：《<a class=course-detail-title href=https://www.imooc.com/view/1025 target=_blank rel="noopener noreferrer">GO实现千万级WebSocket消息推送服务</a>》</p>
<p><img class="alignnone size-medium wp-image-5197" src= alt width=240 height=180>付费课：《<a class=course-detail-title href=https://coding.imooc.com/class/281.html target=_blank rel="noopener noreferrer">Go语言开发分布式任务调度 轻松搞定高性能Crontab</a>》</p>
</div>
 </aside><aside id=text-61 class="widget widget_text"><h3 class=widget-title>B站视频</h3> <div class=textwidget><p>持续更新不方便博客描述的技术视频/直播回放，全网独家干货，关注并支持我。</p>
<p><a href=https://space.bilibili.com/288748846/video><img class="alignnone wp-image-5615 size-full" src="" alt width=280 height=280></a></p>
</div>
 </aside><aside id=text-49 class="widget widget_text"><h3 class=widget-title>技术交流微信</h3> <div class=textwidget><p><img class="alignnone wp-image-3970 size-full" src= alt width=430 height=430></p>
</div>
 </aside><aside id=categories-4 class="widget widget_categories"><h3 class=widget-title>文章分类</h3> <ul>
 <li class="cat-item cat-item-116"><a href=https://yuerblog.cc/category/cc/>c/c++</a> (9)
</li>
 <li class="cat-item cat-item-101"><a href=https://yuerblog.cc/category/docker/>docker</a> (7)
</li>
 <li class="cat-item cat-item-105"><a href=https://yuerblog.cc/category/elasticsearch/>elasticsearch</a> (25)
</li>
 <li class="cat-item cat-item-98"><a href=https://yuerblog.cc/category/go/>GO</a> (33)
</li>
 <li class="cat-item cat-item-102"><a href=https://yuerblog.cc/category/hadoop/>hadoop</a> (4)
</li>
 <li class="cat-item cat-item-23"><a href=https://yuerblog.cc/category/java/>java</a> (15)
</li>
 <li class="cat-item cat-item-125"><a href=https://yuerblog.cc/category/k8s/>k8s</a> (40)
</li>
 <li class="cat-item cat-item-13"><a href=https://yuerblog.cc/category/mysql/>mysql</a> (9)
</li>
 <li class="cat-item cat-item-5"><a href=https://yuerblog.cc/category/php/>php</a> (51)
</li>
 <li class="cat-item cat-item-124"><a href=https://yuerblog.cc/category/python/>python</a> (20)
</li>
 <li class="cat-item cat-item-16"><a href=https://yuerblog.cc/category/steam%e9%a5%a5%e8%8d%92/>steam饥荒</a> (2)
</li>
 <li class="cat-item cat-item-118"><a href=https://yuerblog.cc/category/arch/>体系结构</a> (3)
</li>
 <li class="cat-item cat-item-114"><a href=https://yuerblog.cc/category/%e5%81%a5%e5%ba%b7%e4%b8%93%e9%a2%98/>健康专题</a> (1)
</li>
 <li class="cat-item cat-item-14"><a href=https://yuerblog.cc/category/%e5%89%8d%e7%ab%af%e5%bc%80%e5%8f%91/>前端开发</a> (38)
</li>
 <li class="cat-item cat-item-104"><a href=https://yuerblog.cc/category/%e5%9f%ba%e7%a1%80%e8%bf%90%e7%bb%b4/>基础运维</a> (17)
</li>
 <li class="cat-item cat-item-2"><a href=https://yuerblog.cc/category/%e6%8a%80%e6%9c%af%e5%a4%87%e5%bf%98/>技术备忘</a> (30)
</li>
 <li class="cat-item cat-item-120"><a href=https://yuerblog.cc/category/%e6%9c%ba%e5%99%a8%e5%ad%a6%e4%b9%a0/>机器学习</a> (18)
</li>
 <li class="cat-item cat-item-12"><a href=https://yuerblog.cc/category/%e6%9e%b6%e6%9e%84%e8%ae%be%e8%ae%a1/>架构&amp;设计</a> (89)
</li>
 <li class="cat-item cat-item-119"><a href=https://yuerblog.cc/category/%e6%a0%91%e8%8e%93%e6%b4%be/>树莓派</a> (14)
</li>
 <li class="cat-item cat-item-9"><a href=https://yuerblog.cc/category/%e6%af%8f%e6%97%a5%e4%b8%80%e8%ae%b0/>每日一记</a> (32)
</li>
 <li class="cat-item cat-item-123"><a href=https://yuerblog.cc/category/%e6%b8%b8%e6%88%8f%e7%bb%8f%e9%aa%8c/>游戏经验</a> (1)
</li>
 <li class="cat-item cat-item-115"><a href=https://yuerblog.cc/category/%e7%95%99%e8%a8%80%e6%9d%bf%e5%9d%97/>留言板块</a> (1)
</li>
 <li class="cat-item cat-item-100"><a href=https://yuerblog.cc/category/%e7%bd%91%e7%bb%9c%e5%8e%9f%e7%90%86/>网络原理</a> (9)
</li>
 <li class="cat-item cat-item-122"><a href=https://yuerblog.cc/category/%e8%8f%9c%e5%8d%95/>菜单</a> (1)
</li>
 <li class="cat-item cat-item-22"><a href=https://yuerblog.cc/category/%e8%ae%be%e8%ae%a1%e6%a8%a1%e5%bc%8f/>设计模式</a> (3)
</li>
 <li class="cat-item cat-item-103"><a href=https://yuerblog.cc/category/%e8%af%bb%e4%b9%a6%e6%b8%85%e5%8d%95/>读书清单</a> (1)
</li>
 </ul>
 </aside><aside id=text-55 class="widget widget_text"><h3 class=widget-title>友情链接</h3> <div class=textwidget><p><a href=https://blog.spider.im/ target=_blank rel="noopener noreferrer">吐核|Core Dump</a><br>
<a href=https://notes.yanlong.me/ target=_blank rel="noopener noreferrer">Yanlong notes</a><br>
<a href=https://pengrl.com/>yoko blog</a></p>
</div>
 </aside><aside id=search-7 class="widget widget_search"><form role=search id=searchform class=searchform action=https://yuerblog.cc/>
 <div>
 <label class=screen-reader-text for=s>搜索：</label>
 <input type=text value name=s id=s>
 <input type=submit id=searchsubmit value=搜索>
 </div>
 </form></aside> </div>
 </div>
 <footer id=colophon role=contentinfo>
 <div class=site-info>
 <a href=https://cn.wordpress.org/ class=imprint title=优雅的个人发布平台>
 自豪地采用WordPress </a>
 </div>
 </footer>
</div>
